Avoid Getting Scammed Online
Every day numerous phishing emails are sent to unsuspecting victims all over the world. While some of these messages are so abstract that they are obviously a fraud, others can be a bit more convincing.
In case you aren’t clear on what a phishing email is, it is an attempt by a cybercriminal to obtain sensitive information from you about any of your accounts, get usernames, passwords, credit card details, your social security number or anything else. They do this by disguising themselves as a trustworthy entity through email. These types of emails also have the risk of installing a virus onto your computer or doing you harm in any other number of ways.
So, how can you tell the difference between a phishing message and a legitimate message? Unfortunately, there is no one size fits all solution, but there are several techniques that you can look for. This article lists 10 of them.
1: The message contains a mismatched URL
One of the first things to look at in a suspicious email message is the integrity of any included or linked URLs. Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL (but don’t click anything yet!), you should see the actual linked address (at least this does in Outlook). If the hyperlinked address is different from the address that is displayed, the message is likely fraudulent or dangerous.
2: URLs contain a misleading domain name
People who send these phishing scams often rely on their victims not knowing how the DNS naming structure for domains works. The last part of a domain name is the most telling. For example, the domain name info.SystemSafe.com would be a child domain of SystemSafe.com because
SystemSafe.com appears at the end of the full domain name (on the right-hand side). Conversely, SystemSafe.malware.com would clearly not have originated from SystemSafe.com because the reference to SystemSafe.com is on the left side of the domain name.
I have seen this trick used countless times by phishing artists as a way of trying to convince victims that a message came from a company like Microsoft. The phishing artist simply creates a child domain bearing the name Microsoft. The resulting domain name looks something like this: Microsoft.maliciousdomainname.com.
Similarly, the phishing artists also create close-match domains that will trick you without a close look. They take a familiar brand like Target or Microsoft and create a new domain with that brand name slightly misspelled. If you don’t look close, you might miss it. They will take target.com and change it to tarrget.com, or targt-customer-support.com.
3: The message contains poor spelling and grammar
Whenever a large company sends out a message on behalf of the company the message is usually reviewed for spelling, grammar, and several other things. So, if a message is filled with poor grammar or spelling mistakes, it probably didn’t come from a major corporation.
4: The message asks for personal information
No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. Your bank doesn’t need you to send it your account number. It already knows what it is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.
5: The offer seems too good to be true
There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.
6: You didn’t initiate the action
Yesterday I received an email message informing me that I had won the lottery!
The only problem is that I never bought a lottery ticket. If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.
7: You’re asked to send money to cover expenses
One sign of a phishing email is being asked for money. You might not get asked for cash in the initial message. But sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, etc. If that happens, you can be assured it’s a scam.
8: The message makes unrealistic threats
Although most phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing attempts use intimidation to scare victims into giving up information. If a message contains unrealistic threats, it’s likely a scam
9: The message appears to be from a government agency
Phishers who use intimidation don’t always pose as a bank. Often, they’ll send messages claiming to have come from a law enforcement agency, the IRS, or just about any other entity that might scare the average law-abiding citizen.
I can’t tell you how government agencies work outside the United States. But here, government agencies don’t normally use email as an initial point of contact, and law enforcement agencies follow certain protocols. They don’t engage in email-based extortion—at least, not in our experience.
10: Something just doesn’t look right
In Las Vegas, casino security teams are taught to look for anything that JDLR—just doesn’t look right, as they call it. The idea is that if something looks off, there’s probably a good reason why. This same principle almost always applies to email messages. If you receive a message that seems suspicious, it’s usually in your best interest to avoid acting on the message.
In summary, think before you click! You need to have your guard up and be leery of getting scammed. Use common sense and trust your instincts.